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1 . Basis of the report 
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With regard to the language, the international search was carried out on the basis of the international application in the 
language in which it was filed, unless otherwise indicated under this item. 



□ 



the international search was carried out on the basis of a translation of the international application furnished to this 
Authority (Rule 23.1(b)). 



With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international search 

was carried out on the basis of the sequence listing : 

| | contained in the international application in written form. 

filed together with the international application in computer readable form. 

furnished subsequently to this Authority in written form. 

furnished subsequently to this Authority in computer readble form. 
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□ 
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2. 
3. 



□ 

□ 
□ 



the statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the 
international application as filed has been furnished. 

the statement that the information recorded in computer readable form is identical to the written sequence listing has been 
furnished 

Certain claims were found unsearchable (See Box I). 
Unity of invention is lacking (see Box II). 



4. With regard to the title, 

| X | the text is approved as submitted by the applicant. 

| | the text has been established by this Authority to read as follows: 
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With regard to the abstract, 

fX~| the text is approved as submitted by the applicant. 

I I the text has been established, according to Rule 38.2(b), by this Authority as it appears in Box III. The applicant may, 
1 — ' within one month from the date of mailing of this international search report, submit comments to this Authority. 

The figure of the drawings to be published with the abstract is Figure No, 3 



| | as suggested by the applicant. Q None of the figures. 

|"X~| because the applicant failed to suggest a figure. 

| | because this figure better characterizes the invention. 
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I. Basis of the report 

1 This report has been drawn on the basis ot (substitute sheets which have been furnished to the receiving Office in 
" rZonse tc al invitation under ArtiCe 14 are referred to in this report as "onginaiiy filed" and are not annexed to 

the report since they do not contain amendments.): 



Description, pages: 

3_1 o as originally filed 

1 1a,2 w ft h telefax of 



20/12/1999 



Claims, No.: 

14A 

1-17 



filed with the demand 
with telelax of 



20/12/1999 



Drawings, sheets: 

1/7-7/7 as originally filed 

2. The amendments have resulted in the cancellation of: 

□ the description, pages: 

□ the claims, Nos.: 

□ the drawings, sheets: 

3 B This report has been established as it (some of) the amendments had not been made, since they have been 
considered to go beyond the disclosure as filed (Rule 70.2(c)): 

see separate sheet 

4. Additional observations, if necessary: 
see separate sheet 



IV. Lack of unity of invention 

1 . In response to the invitation to restrict or pay additional fees the applicant has: 
□ restricted the claims. 
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INTERNATIONAL PRELIMINARY M ^«W^lISI^!^ 
EXAMINAT^ONREPORT . 

q paid additional tees. 

D pa id additional fees under protest. 

□ neither restricted nor paid additional tees, ^^jon is not complied and chose, according to Rule 
ra This Authority found that the requ.rement ol W f ees . 

3. This Authority cons.ders that the requ.r 
□ complied with. 

8 n „ t complied«i.h1or.he l o| k »wingre aS on S : 
B all parts. 

□ the parts relating to claims Nos. . 

. -^«s=:ss--== 

1. Statement 

Yes: Claims 
Novelty (N) No ." claims 

• te n«<n Yes: ClaimS 1 " 17 

Inventive step No . claims 

ma\ Yes- Claims 1-17 
industrial applicabHrty (IA) Yes. 

2. Citations and explanations 
se © separate sheet 
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VII. Certain defects in the international application 

The following defects in the form or contents of the international application have been noted: 
see separate sheet 

VIII. Certain observations on the international application 

The following observations on the clarity of the claims, description, and drawings or on the question whether the 
claims are fully supported by the description, are made: 

see separate sheet 
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Item I.3.: 

The amendments filed with the International Bureau with the demand under Article 
19(1) and with the telefax of 20.12.19999 under Article 34(2) PCT introduce 
subject-matter which extends beyond the content of the application as filed, 
contrary to Articles 19(2) PCT and 34(2)(b) PCT. The amendments concerned are 
the following: 

1 . The Applicant filed a new dependent Claim labelled No. 1 4A with the demand. 
However, the additional features ("parallel outputs of Key registers and Logic 
Circuit are computer controlled ... preset via a keyboard ... operate in unique 
synchronism") present in this claim appear to have no basis in the description as 
originally filed. Hence, no basis for such an extension can be found in the applica- 
tion as filed and thus the claim as filed results in the application being amended in 
such a way that it contains subject-matter which extends beyond the content of 
the application as filed, contrary to Article 1 9(2) PCT. 

Consequently, Claim 14A is not taken into consideration for this International 
Preliminary Examination Report. 

2. Amended Claim 1 specifies that the addresses associated to key numbers are 
moved at "quasi randomly arranged times for a younger to an older position". 
However, the originally filed description discloses, that the table with key numbers 
and associated addresses is update periodically (see page 4, item (6) of key 
renewal process). Hence, no basis for the amendment is found in the application 
as filed, contrary to Article 34(2) (b) PCT. 

3 Amended Claim 2 defines that the key number replacement routine is imple- 
mented prior to the transmission of a new key from the Key Generation Centre 
and the e-mail stations. However, the originally filed application only discloses that 
the routine is implemented prior to key transmission from the local server (see 
page 4, items (6) to (8)). Hence, no basis for the amendment is found in the 
application as filed, contrary to Article 34(2) (b) PCT. 
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4. Newly filed Claim 1 1 introduces the feature of the "real data bits being transmitted 
at a randomly varying rate, according to the key being used by said e-mail 
station". No basis for this amendment can be found in the original disclosure 
where on page 2, §3, it is only specified that the real data is applied with a "delay 
of one full clock cycle", but no transmission rate is defined (see also description of 
Fig. 4 on page 5), neither is there a disclosure of the key being involved. There- 
fore, amended Claim 1 1 contains subject-matter which extends beyond the 
content of the application as filed, contrary to Article 34(2)(b) PCT. 

5. Newly filed Claim 1 2 introduces the feature of "the automatic server station 
receives ... the decrypted check number ... calling station". No basis for this 
amendment can be found in the original disclosure where on page 5, item (10), it 
is only specified that the random check number is sent to the calling station. 
Therefore, amended Claim 12 contains subject-matter which extends beyond the 
content of the application as filed, contrary to Article 34(2)(b) PCT. 

6. Amended Claim 12 also defines that the e-mail number is received in encrypted 
form by the automatic server station. In contrast, the originally filed description 
discloses that a dial number is encrypted and sent to the distant server station. 
Thus, no basis for the newly filed feature can be found in the originally filed 
application, contrary to Article 34(2) (b) PCT. 

7. Amended Claim 1 3 states that the pattern diffusion is applied according to the 
new encryption key. However, no basis for this feature can be found in the 
originally filed application (see originally filed Claim 1 1 ), contrary to Article 34(2)(b) 
PCT. 



Item I.4.: 

Concerning the Applicant's request for sending supplementary drawings filed with 
letter of 15 May 1 999, it is noted that no supplementary drawings were filed during 
the international preliminary examination procedure. 
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Re Item IV 

Lack of unity of invention 



1 



The International Preliminary Examining Authority is of the opinion that two groups 
of potential inventions are claimed in the present application. This opinion is 
based on the following reasons: 

The lack of unity becomes apparent a priori, i.e. before taking the prior art cited in 
the International Search Report into consideration (see PCT Guidelines III-7.5). 

The separate groups of potential inventions are: 

Group 1: Claims 1-11 and 13-17 

Encryption and automatic key renewal systems for associating address codes to 
keys, associating key age, issuing new keys prior to e-mail stations and ma.nta.n- 
ing a look-up table of valid key numbers by date and address code. 

Group 2: Claim 12 

Encryption and automatic key renewal system incorporating a key replacement 
routine whereby keys are encrypted with themselves and random check numbers 
are added in encrypted form for authentication of a user whishing to establish a 
secure communication. 

The common feature "encryption and automatic key renewal system" of the two 
groups of potential inventions is widely known in the art. 

The potential remaining special technical features of these different sets of 
potential inventions are not the same. They are not corresponding either, s.nce 
they are based on different concepts. 
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Re Item V 

Reasoned statement under Article 35(2) with regard to novelty, inventive step or 
industrial applicability; citations and explanations supporting such statement 

1 . The following documents are referred to: 

D1 : EP-A-0 738 058 (BARKAN MORDHAY) 16 October 1996 
D2: US-A-5 412 723 (CANETTI RAN ET AL) 2 May 1995 

D3: KAZUE TANAKA ET AL: 'KEY DISTRIBUTION SYSTEM FOR MAIL SYS- 
TEMS USING ID-RELATED INFORMATION DIRECTORY' COM- PUTERS 
& SECURITY INTERNATIONAL JOURNAL DEVOTED TO THE STUDY OF 
TECHNICAL AND FINANCIAL ASPECTS OF COMPUTER SECURITY, vol. 
10, no. 1, 1 February 1991 (1991-02-01), pages 25-33, ISSN: 0167-4048 

2. Present Claim 1 is in accordance with the requirements of Article 33(3) PCT 
because its subject-matter is novel and inventive. 

The claim relates to an encryption and automatic key renewal system for confi- 
dential e-mail communication. Similar systems are known from document D1 
which discloses a key generation centre for the generation of random keys for the 
use of the e-mail stations; means for renewal of the keys; scrambling means for 
encrypting transmission of data; and local server stations which store and update 
the random keys generated in the key generation centre, whereby the keys have 
associated access codes and time flags indicating the issue age of each key. 

The main problem to be solved is regarded as to provide enhanced security for 
data transmission between user-controlled e-mail stations. 

This is solved in that prior to each confidential communication to be set up 
between two e-mails stations, a new encryption key to be used is sent from the 
local server to the sending e-mail station. Furthermore, the look-up table which 
stores the keys at the local server is updated automatically from the key genera- 
tion centre, whereby the oldest keys are replaced by new keys. 

The solution is not suggested by the teaching of D1 because in the system 
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according to D1 a private/public key encryption technique is used, whereby a 
permanent private key is kept at the e-mail stations and a public key is used at the 
local server for further encrypting encrypted data sent from the e-ma.l stations. 
There is no possibility disclosed in D1 to automatically renew the encryption key 
used at the e-mail station prior to each communication. Furthermore, the public 
keys at the local servers in the system of D1 are updated only on user request 
and not automatically from a key generation centre as in the system according o 
Claim 1. Additionally, D1 does not specify details of list-keeping and updat.ng the 
list of keys. 

Hence, the teaching of D1 is several non-obvious steps away from the inventive 
solution. 

Document D2 does not disclose or suggest the inventive solution because in the 
system of D2 new keys are calculated directly at the e-mail stations and not 
served from the servers as specified in Claim 1. Furthermore, at the servers keys 
are calculated in a distributed manner and not received from a key generat.on 
centre. Hence, the teaching of D2 is far away from the subject-matter of Claim 1 . 

Document D3 also does neither disclose nor suggest the inventive solution, 
because in the system of D3, new keys are generated at the e-mail stat.ons based 
on a user secret which is generated at a trusted centre. No information is found in 
D3 about updating the user secret. Hence, the teaching of D2 is also far away 
from the subject-matter of Claim 1. 

3 Claim 13 is also in accordance with Article 33(1 ) PCT because its subject-matter 
relates to an automatic key renewal system wherein, as in accordance with the 
inventive feature of Claim 1, the e-mail stations are automatically provided with 
new encryption keys prior to each confidential communication. Furthermore Claim 
13 specifies the random key generators of which the functional features are 
neither disclosed nor suggested by document D1. 



4. 



The dependent Claims 1-11 and 14-17 relate to optional features of inventive 
Claims 1 and 13. Hence their subject-matter is also novel and inventive. 
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Independent Claim 12, in so far as it can be understood and fulfills Article 34(2)(b) 
PCT appears to fulfill the requirements of Article 33(1) PCT, because the claim 
relates to an encryption and automatic key renewal system wherein a single key is 
encrypted with itself and a random check number is added in encrypted form for 
authentification of an e-mail station whishing to establish a secure comrnun.cation 
via a server to another e-mail station. 

These features are neither disclosed nor suggested by document D1, because in 
the authentification routine of D1 two private/public key pairs but no check 
numbers are used. Hence, the teaching of D1 is far away from the invent.ve 
features of Claim 12. 

Documents D2 and D3 do not address authentification procedures in detail. 
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Re Item VII 

Certain defects in the international application 

1 . The preamble of independent Claim 1 does not contain the following feature, 
which is also known from document D1 (Rule 6.3(b) PCT): 

"said local server stations store said keys in a look-up table (column 3, lines 29- 
33) each key being associated with an address code (column 3, lines 49-56; and 
column 22, lines 8-9) and each address code having an associated data indicative 
of the age of said key at any time and to classify the age relative to the age of 
other keys in use at any given time (see "issue date", column 23, lines 15-18 and 
lines 32-36). 

2 The features of Claims 1 , 1 2 and 1 3 are not provided with reference signs placed 
in parentheses (Rule 6.2(b) PCT). This applies both to the preamble and charac- 
terising part of the claims. 

3. Contrary to the requirements of Rule 5.1 (a)(iii) PCT, the description is not adapted 
to the wording of the independent Claim 12. 

4 According to the requirements of Rule 1 1.13(1) reference signs not appearing in 
the description shall not appear in the drawings, and vice versa. This requirement 
is not met in particular in view of many of the reference signs in Figs. 5-10. 
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Re Item VIII 

Certain observations on the international application 

1 . Claim 1 specifies an address code and access addresses. It is unclear whether 
these terms represent the same addresses, or whether the address code is an e- 
mail address. 

2. Entity Claim 1 also defines method steps ("wherein ... addresses can be moved ... 
and oldest numbers being relegated"). It is unclear which functional features of the 
system are adapted to perform these operations. Hence, the category of the claim 
is unclear. 

3. System Claim 5 contains a method step ("the server station acts as a switch- 
board"). Hence, the category of the claim is unclear. 

4. System Claim 7 defines the algorithm used for the encryption process. Thus, the 
category of the claim is unclear. 

5. Also the category of system Claim 8 is unclear. By referring to time schedules, the 
claim specifies method steps: a "precise point in time for switching...". It is unclear 
which means functionally define the point in time. 

6. Claim 9 should not contain technical features in brackets (see Guidelines 
PCT/GL/3III, 4.11). 

7. Claim 12 lacks clarity because with the wording: "In an encryption ... system ... a 
key replacement routine", it can be queried whether the claim is directed either to 
a system, or to a process. Thus, the subject-matter and the category of the claim 
is unclear. 

8. System Claims 14 and 15 define encryption operations and processes which are 
continually influenced and modified. Hence, the category of these claims is 
unclear. 
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A Data Encryption System 
for Internet Communication 



There is a general concensus that serious use of the internet potential for 
the needs of Commerce and Industry requires a 100% long-term effective sys- 



tem for protecting privacy of the interchanges. 

Several aspects apart: from privacy would be important in making a choice of 
the technique. It would have to be suitable for all digital transmissions, 
irrespective of the coding employed. The same encryption system should be work- 
kable for. lettered, audible or visual messages. Also, the tine of processing 
the data should preferably not add more than 80% to the time for transmitting 
the same data in the clear form. Furthermore, no time should be spent on looking 
up directories for keys or other procedure rules. 

The objectives of this patent application follow from what has just been said: 
o to create for owners of PC's certain supplementary components easily added 
with the result of replacing registered and high-priority mail transmissions 
by a less expensive and faster track . protected against breach of confidentiality. 

o to reduce the need for personal trustworthiness and to replace it by trust- 
worthiness of the provisions of the system. 

o While the idea of "trusted third parties" is appropriate where Government 

interests are directly involved, the many contingencies that arise when applied 
to all communications would strain an already overburdened legal system. In 
contradistinction, the here proposed method would save trustworthy server 
stations from slipping into arbitrariness , favoritism and self-serving bureau- 
cracy. At the same time it would open a clear route for observers at Goven- 
ment level to use their authority of sampling messages in the interest of 
crime prevention and to do so even for longer periods if and when properly 
authorized and reasoned for in exposes open for public inspection within six 
years . 

This paper will outline the technical platform for accomplishing 
the above sketched objectives, with the further provision that its service be 
available to everyone at a relatively low extra cost over and above the cost of 
using internet comnunication. 
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The said 'technical platform 1 constitutes a system resting on two main pillars, 
namely 

(a) an algorithm which generates variable word length data scrambling 

(b) a hierarchic system of key distribution (e.g. a regulated method for ageing 
and then eliminating keys) 

In place of a lengthy explanation, we begin by referring to Figure 4 which 
illustrates the idea of variable word length text transformation. It will be clear 
that computer is ed scanning of the encrypted text will in this case have no pros- 
pect of providing any clue. 

Figure 5 shows a functional block diagram of the encryption/decryption hardware. 
In early implementations, a L6 bit shift register was used (block SR) with simple 
output to Input connection. The encrypted output resulting from such an arrange- 
ment showed a certain periodicity if the clear text consisted of the binary repre- 
sentation of a single letter , for example the letter 'a' in unchanging repetition. 
This revealed the potential for a certain weakness of the method unless steps are 
taken to overcome this possible point of attack for a hacker. In present designs 
we use a 31 bit shift register as the basis for a pseudo random data generator 
wherein the periodicity is vastly (pattern recurrance only once every 2,14 billion 
different combinations) reduced. In addition, further measures are taken to begin 
each message with an undefined length of meaningless text. That text is not delivered 
in clear by the algorithm. For the user it constitutes simply a few seconds waiting 
time added to the setting up time. One method of achieving this will be ex- 
plained in conjunction with Figures 3,4 and 8. 

Returning to the description of Fig. 5 P paralell outputs from the shift re- 
gister are connected to various logic elements under the heading LOGIC CONTROL. This 
comprises for example, a programmable counter, several flip flops and bistables 
and various gates. Some of the logic control elements are also exposed to inputs 
of the logic levels of the real data, both outgoing or incoming. These data are 
applied with a delay of one full clock pulse duration. This is done in the squa- 
res named 'bit delay 1 . The encrypted text on line 1 2 is derived from an OR gate 
into which alternately pass bit elements from the real data and from the Random 
data generator RDG, respectively a, by real data modified, output from said 
generator. Encrypted data received are de scrambled by action of the Logic Control 
group , in a single AND gate. 

Figures 6 and 7 explain how it is possible to have 8-10 simultaneously valid 
keys and how they are weighted in a number ageing process. Figure 8 shows a functio- 
nal block diagram of an LSI chip such as would be capable of carrying out data 
encryption at a high clock rate suitable for any cofrenunication network and would 
provide added security over and above the basic scheme of Figure 5. 



WORLD INTELLECTUAL PROPERTY ORGANIZATION 
International Bureau 




PCT 

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(51) International Patent Classification 6 ; 
H04K 



A2 



(11) International Publication Number: 
(43) International Publication Date: 



WO 99/16199 

1 April 1999 (01.04.99) 



(21) International Application Number: PCT/GB98/0288 1 

(22) International Filing Date: 24 September 1998 (24.09.98) 



(30) Priority Data: 

9720478.8 
9820824.2 



25 September 1997 (25.09.97) GB 
24 September 1998 (24.09.98) GB 



(71)(72) Applicant and Inventor; HALPERN, John, Wolfgang 
[GB/GB]; 15 Jordan Court, Imgram Crescent W., Hove, 
East Sussex BN3 5NU (GB). 



(81) Designated States: PL, PT, RU, SE, US, European patent (AT, 
BE, CH, CY, DE, DK, ES, FI, FR> GB, GR, IE, IT, LU, 
MC, NL, PT, SE). 



Published 

Without international search report and to be republished 
upon receipt of that report. 



(54) Title: A DATA ENCRYPTION SYSTEM FOR INTERNET COMMUNICATION 
(57) Abstract 

Two versions of a variable word length encryption method are discussed adapted for providing the means for long-term confidential 
transmission of printed characters, pictures, and voice dialogues over the telephone lines or the internet. 



FOR THE PURPOSES OF INFORMATION ONLY 
Codes used to identify States party to the PCT on the front pages of pamphlets publishing international applications under the PCT. 



AL 


Albania 


ES 


Spain 


LS 


Lesotho 


SI 


Slovenia 


AM 


Armenia 


FI 


Finland 


LT 


Lithuania 


SK 


Slovakia 


AT 


Austria 


FR 


France 


LU 


Luxembourg 


SN 


Senegal 


AU 


Australia 


CA 


Gabon 


LV 


Latvia 


sz 


Swaziland 


AZ 


Azerbaijan 


GB 


United Kingdom 


MC 


Monaco 


TD 


Chad 


BA 


Bosnia and Herzegovina 


GE 


Georgia 


MD 


Republic of Moldova 


TG 


Togo 


BB 


Barbados 


GH 


Ghana 


MG 


Madagascar 


TJ 


Tajikistan 


BE 


Belgium 


GN 


Guinea 


MK 


The former Yugoslav 


TM 


Turkmenistan 


BK 


Burkina Faso 


GR 


Greece 




Republic of Macedonia 


TR 


Turkey 


BG 


Bulgaria 


HU 


Hungary 


ML 


Mali 


TT 


Trinidad and Tobago 


BJ 


Benin 


IE 


Ireland 


MN 


Mongolia 


UA 


Ukraine 


BR 


Brazil 


IL 


Israel 


MR 


Mauritania 


UG 


Uganda 


BY 


Belarus 


IS 


Iceland 


MW 


Malawi 


US 


United States of America 


CA 


Canada 


IT 


Iialy 


MX 


Mex ico 


UZ 


Uzbekistan 


CK 


Central African Republic 


JP 


Japan 


NE 


Niger 


VN 


Viet Nam 


CC 


Congo 


KE 


Kenya 


NL 


Netherlands 


YU 


Yugoslavia 


CH 


Switzerland 


KG 


Kyrgyzstan 


NO 


Norway 


zw 


Zimbabwe 


CI 


Cdtc d' I voire 


KF 


Democratic People's 


NZ 


New Zealand 






CM 


Cameroon 




Republic of Korea 


PL 


Poland 






CN 


China 


KK 


Republic of Korea 


PT 


Portugal 






cu 


Cuba 


KZ 


Kazakstan 


RO 


Romania 






cz 


Czech Republic 


LC 


Saint Lucia 


RU 


Russian Federation 






DE 


Germany 


LI 


Liechtenstein 


SD 


Sudan 






DK 


Denmark 


LK 


Sri Lanka 


SE 


Sweden 






EE 


Estonia 


LR 


Liberia 


SG 


Singapore 







WO 99/16199 PCT/GB98/02881 

A Data Encryption System 
for Internet Communication 



There is a general concensus that serious use of the internet potential for 
the needs of Commerce and Industry requires a 100% long-term effective sys- 
tem for protecting privacy of the interchanges. 

Several aspects apart from privacy would be important in making a choice of 
the technique. It would have to be suitable for all digital transmissions, 
irrespective of the coding employed. The same encryption system should be work- 
kable for. lettered, audible or visual messages. Also, the time of processing 
the data should preferably not add more than 80% to the time for transmitting 
the same data in the clear form. Furthermore, no time should be spent on looking 
up directories for keys or other procedure rules. 

The objectives of this patent application follow from what has just been said: 
o to create for owners of PC's certain supplementary components easily added 
with the result of replacing registered and high-priority mail transmissions 
by a less expensive and faster track . protected against breach of confidentiality. 

o to reduce the need for personal trustworthiness and to replace it by trust- 
worthiness of the provisions of the system. 

o While the idea of "trusted third parties" is appropriate where Government 

interests are directly involved, the many contingencies that arise when applied 
to all communications would strain an already overburdened legal system. In 
contxadistinction, the here proposed method would save trustworthy server 
stations from slipping into arbitrariness, favoritism and self-serving bureau- 
cracy. At the same time it would open a clear route for observers at Goven- 
ment level to use their authority of sampling messages in the interest of 
crime prevention and to do so even for longer periods if and when properly 
authorized and reasoned for in exposes open for public inspection within six 
years. 

This paper will outline the technical platform for accomplishing 
the above sketched objectives, with the further provision that its service be 
available to everyone at a relatively low extra cost over and above the cost of 
using internet communication . 
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The said 'technical platform 1 constitutes a system resting on two main pillars, 
namely 

(a) an algorithm which generates variable word length data scrambling 

(b) a hierarchic system of key distribution (e.g. a regulated method for ageing 
and then eliminating keys) 

In place of a lengthy explanation, we begin by referring to Figure 4 which 
illustrates the idea of variable word length text transformation. It will be clear 
that computerised scanning of the encrypted text will in this case have no pros- 
pect of providing any clue. 

Figure 5 shows a functional block diagram of the encryption/ decryption hardware. 
In early implementations, a 16 bit shift register was used (block SR) with simple 
output to input connection. The encrypted output resulting from such an arrange- 
ment showed a certain periodicity if the clear text consisted of the binary repre- 
sentation of a single letter, for example the letter 'a 1 in unchanging repetition. 
This revealed the potential for a certain weakness of the method unless steps are 
taken to overcome this possible point of attack for a hacker. In present designs 
we use a 31 bit shift register as the basis for a pseudo random data generator 
wherein the periodicity is vastly (pattern recurrance only once every 2,14 billion 
different combinations ) reduced. In addition, further measures are taken to begin 
each message with an undefined length of meaningless text. That text is not delivered 
in clear by the algorithm. For the user it constitutes simply a few seconds waiting 
time added to the setting up time. One method of achieving this will be ex- 
plained in conjunction with Figures 3,4 and 8. 

Returning to the description of Fig. 5, paralell outputs from the shift re- 
gister are connected to various logic elements under the heading LOGIC CONTROL. This 
comprises for example, a programmable counter, several flip flops and bistables 
and various gates. Some of the logic control elements are also exposed to inputs 
of the logic levels of the real data, both outgoing or incoming. These data are 
applied with a delay of one full clock pulse duration. This is done in the squa- 
res named 'bit delay' . The encrypted text on line 1 2 is derived from an OR gate 
into which alternately pass bit elements from the real data and from the Random 
data generator RDG, respectively a, by real data modified, output from said 
generator. Encrypted data received are descr ambled by action of the Logic Control 
group, in a single AND gate. 

Figures 6 and 7 explain hew it is possible to have 8-10 simultaneously valid 
keys and how they are weighted in a number ageing process. Figure 8 shows a functio- 
nal block diagram of an LSI chip such as would be capable of carrying out data 
encryption at a high clock rate suitable for any communication network and would 
provide added security over and above the basic scheme of Figure 5. 
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Detailed Discussion of the Drawings 



FIG. 1 shows two personal computers or comnunication work stations 
using a fixed secret key, or using a program permitting one of the stations 
to utilize the encryption key of the other. 

FIG. 2 illustrates a situation where the official key employed within an 
organisation is not nornally used for the actual encryption/ decryption of data. 
If for example station A represents the word processor in a secretarial pool 
of one corrpany, and station B the processor office in another company, And 
the message sender has a small computer in his office Ap wishing to send a con- 
fidential message to a particular person having a computer B p , then the procedure 
would be as follows: 

(a) The secretary at A will type into the word processor A a statement from 
Mr. Ap in clear language and put it on disk. 

(b) Next, the secretary agrees with Ap to display on the window of Ap the 
text as written for approval or amendments. 

(c) When approved, Ap will contact the secretary at A aver the phone to prepare 
internet connection with the connunication of office at B. 

(d) When communication is established, the secretary rings Ap to report 'ready'. 

(e) The executive at Ap new types his private password ppw into his keyboard 
thereby transmitting it to work station A where the instruction code tells the 
computer to deduct (or add) the password number, or a multiple thereof, from the 
encryption key of the organisation. 

(f ) Once this is done a green light informs the secretary that the clear text 
derived from the disk is to be moved through the enc rypt ion algorithm and out into 
the internet. 

(g) The encrypted message is taken on disk at computer unit B. It cannot be 
read by staff. 

(h) When executive B p returns to his office, he will find a light signal 
indicating that he has a personal message. Accordingly, he will enter the agreed 
pass word ppa on his computer keyboard together with the instruction of deducting 
it from the common general key. After that, the decrypted message will appear on 

the screen B . 

P 

It would be technically possible to provide the Managing Chief in each company 
with an automatic printout of all personal messages, to enforce the sharing 
of confidential information. 

Since the encryption system here expounded is not primarily determined by 
mathematical conversions, and therefore all nuirtoers are equally suitable, it would 
suffice if the executives concerned are told that they must have a six^Ligit ppw. 
Knoledge of agreed passwords may therefore be limited to the parties themselves. 



WO 99/1 61 99 PCT/G B98/0288 1 



FIG. 3 shows the structure of a Service Center SC for almost fully 
automatic connection service to clients wishing to send messages required 
to remain confidential. Fig. 3 shows again a workstation A in one locality 
and another workstation in a remote locality but using the same equiprent. 
The central server station consists of two sections (A & B) . These sections 

comprise channel switching section sw, switch control sections LS, or IS : 

— A B 

Two algorithmic sections virtually identically with those shown for exam- 
ple in Fig. 8; In each section is also a key register for storing a key K 
and a random text data holding register D^. Below is a computing section 
COMP, and below that a memory of past transactions, M. The computer unit 
COMP has a preferably direct link with a National Key Generator Cente r NKGC . 
Where a direct link is not available, a switched connection with NKGC will 
do because no clear data are passed through this link, (see als o Fig. 6 ) 
The process prior to A sending a confidential message to B, can be reported 
in ten steps. 

(1) station A dials the local Service Center (SC) and immediately thereafter 
dials also the number of the desired receipient B. 

(2) Station A gets indication that connection is made 

(3) prompted by (2) , section A receives from station A the address code for 
identifying *tie key held at present by station A. (see address reg. , fig. 7). 

(4) section B of SC calls station B. 

(5) Station B responds by sending its address in clear 

(6) using the two address numbers from A and B, the XL looks up from.a memory 
table similar to that of Fig. 7 the at the time valid secret key nuittoers. 
Section A of SC extracts the key nr. for station A, inserts it into the 
algorithm (algo) thereby encrypting l^by J^and sends it to station A 
for verification. - Section B of SC proceeds likewise with station B. 
(the table is stored in section COMP, and is periodically updated from 
the national key generator centre, see Fig. 6) . 

(7) A and B receive the encrypted keys and ^ respectively, decrypt them 
with their respective and Kg keys, and if any station cannot verify 

it sends to the respective section of SC a repeat request. If this also 
fails ... a 'failed 1 signal in clear goes to both stations. 

(8) With both comparisons correct, the SC proceeds to obtain from its COMP 
section an alternative key number K Q which section A encrypts with K A , 
and section B encrypts with 1^, and sends these numbers to stations A 
and B respectively where they are decrypted and entered into their key 
registers, substituting their earlier keys. 
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(9) Stations A and B send out K c * to the respective sections of SC 
where they are compared to test equality. 

at this point both stations would be ready 
to communicate. The time lapse so far (after 
the initial dialling by station A) would be 
less than 4 seconds- To improve security 
further a further step is adding a few seconds 
to the setting up procedure: 
(10) The Computer Resource Unit C0MP supplies to the operative sections a 
random number called where it is entered into a register connected 
for generating through re-cixculation a fairly large pseudo random 
number. This number is continual ly E ^ S ^through ttei algo sections 
of SC,and the output//sent to stations A and B where they are decrypted 
and continually passed through a comparator register being- only a few 
bits (5 - 12) long. Paralell outputs from this register are continually 
compared with a similar number of selected paralell bit outputs 
from the larger, in the opposite sense rotating, key register. Whenever 
all the bit positions of the static bit comparator are at the strobing 
moment equal, a pulse is released both in the stations A and B and in 
the Server Center SC internally which stops the D r bit generator and esta- 
blishes in the switching sections sw a direct connection between A and B- 
It should be noted that the true time distance 
in terms of real data clock pulses could not be 
determined by a hacker and therefore no conclusion 
be drawn as to the number structure of the initial 
key in the key register of the algorithm. This is 
because the variable word length encryption applies 
also to the D r data stream transmission. 
Figure 4 illustrates the nature of an encrypted n^ssage consisting as it 
does of an initial phase of random data the length of which cannot be ex- 
ternally detected, and a transmission phase consisting of a quasi-random 
mixture of real data bits and random bits - all in a single undivided 
string of bits giving no clue where one word begins or ends. There is thus 
no reference points against which an analyst might be able to study the bit 
sequences. 

Figure 5 has already been adequately dealt with on page 2 
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FIGURE 6 explains the role of the N K G C (national key generator center) . 
In that Center the K n numbers with their address allocations, and also the 
D r numbers are generated and the protocol for the transfer of these numbers 
to head offices of various kind is observed. The management of the Center 
would be limited to determining the optimum rate at which updates for new 
numbers should be made. This would be set responsive to the performance of 
the system as a whole as reported by supervisors. Performance reports from 
head offices such as Bk (banks) or TR (transport organisations) or SC's (ser- 
vice centers for confidential communications) would be studied by supervi- 
sors and appropriate responses formulated. Management would have no access 
to actual key numbers. When a station mal-perf orms , its encryption module is 
detached and sent to the factory, and replaced by a factory-new one. 

It is here suggested that both systenwise and with respect to the encryption 
module IC, the here explained confidential message system may .be. .used . .also in 
bank transaction as also in remotely issued travel passes and routing instruc- 
tions. 

FIGURE 7. This table surveys the position changes of a number which ranges 
from a nascent phase to an active, semi-active, and finally abandoned phase. 
The numbers are classified in terms of age. The active number range comprises 
in this example five ageing positions, and so does the semi-active range of 
numbers. If each column segment represents the tine span of, say, one 
week, it would take ten weeks for a number to travel from the nascent region 
through the active and semi-active region, in order to exit into the for 
normal use in^accessable abandoned region. 

Once an address is allocated to a number, the two numbers remain associated 

during their migration through said regions. 
Both active and semi-active numbers are valid numbers, and are therefore ac- 
cepted by terminals and server stations for commencing a communication. 
However, either right at the beginning or after completion of the comnuni- 
cation event, an older active number is substituted by a younger one, or 
any semi-active number is substituted by any number from the active region. 
If an internet station, or an IC card - through non-useage over a longer 
period of time - has in its encryption algorithm a number which at the time 
of re-use belongs to an abandoned number, it would be necessary to make 
contact with certain supervisory organs which have at their disposal access 
to a central register which keeps a record of numbers abandoned in the past. 
Such organs would be allowed to make also additional checks before they 
override the absence of a valid key number and bring the station or card 
up to date again. 
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FIGURE 8 This shows an example for the LSI chip circuit block, diagram. 

A chip of this type would be needed in an extension card for insertion 
or\g 

in^of the the slots for extension functions, such as are common in perso- 
nal computers, ^the following are the main features of the Chip: 

The four clock phases needed to operate the circuit may be either on 
ch*jp generated or supplied by the Computer (as fig. 8 indicates). The chip 
would also be used in the Service Center SC. There is a STORED KEY VERIFI- 
CATION AND KEY EXCHANGE MODULE (1). This group has four- input lines (ROP, 

■ En St K 

CK2, En and password ..) and two output lines . ^ In connection with inter- 
net operation there may be at least one more input from outside the chip, 
when namely the output EN has to be delayed because of delays /in getting 
a connection completed or for whatever other reason. When the electric level 
at EN changes this indicates that verification and key exchange are satis- 
factorily completed, and, with everything else being ready the next phase 
can begin. - The ROP input to module 1 resets all internal bistables and 
occurs when power is switched on or shortly afterwards. The d-input is con- 
nected to the incoming signal line to enable the address reference for the 
encryption key held, to be read out . This last mentioned detail is not shown 
worked out in figure 8. 

In practice, the circuit must satisfy the condition that external communica- 
tion of keys must take place only in the encrypted form. The input CK2 
provides the proper clock phase for the key exchange functions. The out- 
put K transfers to block 2 the new key before commencing the encryption and 
decryption functions. -All encrypted incoming line signals are decrypted by gate 16. 
° The pseudo random key generator rotates the sh ift* r^T^fi^r ? every 
CK3 clock pulse. The programmable counter 4 is advanced with every CK3 clock 
pulse. The bistable 23 is reset with every CK2 clock pulse. The programmable 
counter , after producing a carry output is loaded with the paralell output 
from the key generator at the time, that is between CK3 and the following CK2. 
The incoming or outgoing real data bits also have an effect on the constellation 
of the logic interconnections, block 3 in that the consecutive data bits are 
fed with the delay of one complete clock cycle to block 3. From this arrangement 
it follows that discovery of the clear text is not possible without the prior 
knowledge of the clear text, making discovery superfluous. Text generated in 
the P C is connected to a buffer register j j&r perhaps two such registers, via 
the terminal d Q The buffer fills until a signal F (full) is fed back to the 
computer. As the buffer clearSdue to passing on data to gate 14, the buffer 
register is filled up again from an overflow register in the computer itself. 
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The job of the pseudo random data generator, block 11 , is to provide meaning- 
less data bits to be fed to outlet 'd 1 via the gates 12 and 13 when c is high. 
The gate 14 admits data from the buffer 17 only when c is high. As the bistable 
outputs c and c are dependent on the rest of the algorithm, a quasi random 
mixture of real and fake data is produced at the d output when in the sending 
phase. When in the receiving phase, the scrambled mixture of real and random 
data bits is descrambled by gate 16 . The remaining real data in the gate 16 
output are channeled in the very beginning before the- actual message transmis- 
sion ro gate 21 and to the d input to block 1 during the initial key checking 
and exchanging phase. The output from 21 feeds into a short shift: register 7 
which has paralell outputs for each of the bits it holds. These are applied 
to a static comparator 8 and compared bit by bit with an equal number of out- 
puts from the register of block 2. As both the registers are shifted on the rising 
edge of CK3 but in opposite directions this has the effect of scanning and 
testing the registers as to the chance of hitting a seven bit (or 5-bit, etc.) 
combination where all the input bit comparisons are successful causing an output 
pulse by the strobing clock CK4 on AND gate 9 to trigger bistable 10. As the 
gate of 16b is enabled by Q , with the disappearance of this high level the flow 
of encrypted nonsense data stops. A very similar arrangement in the Service 
Center SC also causes the flow of these data to stop and to connect the station 
A (Fig. 3) with station B directly via switch elements sw. From now on, encrypted 
data are meaningful text from A to B. Station B will from that moment on 
channel data received at d (Fig. 8) through gates 16 and 16a to the output inter- 
face d^ on the PCB whose adge contactors sure plugged into the appropriate 
sockets inside the P C. When the workstation PC sends, an output SE is generated 
which disables the gate 16a. The computer can also generate a signal along 
chip input pwl (password line) to modify the encryption key as explained.in 
connection with the comment on Figure 2. 

Finally, the question should be addressed whether the present encryption system 
permits the cocnnunicating parties to engage in a dialogue. The answer is yes, 
messages may be sent in both directions /without pause and there is no limit to the 
length of the message or of the dialogue. 
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Because of the nature of the encryptotion method which defies any form 
of systematic factoring of the encrypted text, it is unlikely that a free- 
lance hacker can be a threat to the described system in spite of the fact 
that the interchnages between the Client Computer (CC) and the Server 
Station (SSt) contain one element, the address information, in the clear. 
In a slightly better position are the expert engineers of the server stations 
which may have an insight into the precise moment when within the encrypted 
data flow various addresses are offered. In a very general way one may 
admit the possibility of a problem that may then arise. An alternative scheme 
would permit also the address code to be sent only in the encrypted form. 
According to our proposal, the Client Computers of a local region would hat e 
a special relationship with the Internet Secure .Server station of that same 
region (SSt) . The Client Computer (CC, Fig. 9) would when contacting the 
Server send to it its ID number. This number serves as an address in the 
Serve c station's memory bank which would contain the very same data as the 
Client station, namely a chip serial nr. and / or the date of inaugura- 
tion of the client chip (from an unalterable ROM) . 
the last entered encryption Key nr. 
The last entered Preamble Delay nr. D r 
and in place of a revolving address code, an annual 
sequential entry serial nr. 
Based on this information, the calling station may immediately begin with 
sending its own data in encrypted form which ^l^er^er station would place into 
a comparator register, and if all these data are correct will automatically 
issue a new key number and preamble random delay number and the next sequential 
nr., in encrypted form using the old key, and the corresponcSr^^^ar data are 
then placed into the memory of the Client Computer station. Its operator is 
requested to dial the distant station to which message material is to be 
sent. The dial number would pass through the encryption algorithm and there- 
for does not allow a third party to know which conpany. or person will be con- 
nected. The first part of the dial code will call up the distant Server station 
(for example BBZ) and the number part will call up the particula CC, say 1500. 
When the latter responds, it sends its own ID number to the distant local 
Server station, and a similar comparison process as described above, is ini- 
tiated. If this verifies that the correct CC station has been contacted, 
the new key (K n2 > given to the calling station is now also given to the called 
station. After this is verified, this is made known to the calling station, 
and a display invites its operator to proceed sending the intended material 
(text, drawings, voiced comment, etc) . 
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The just described alternative logistics for a variable word length 
data transmission system, would blend well into telephone and internet 
based communication infra structures. 

It is feasible that just one further step in this direction could be made 
by integrating the envisaged function of secure Server Stations with the 
location of telephone branch Exchanges (as indicated in Figure 10) , This 
would be economical rih installation costs, and could work fully automatically 
in the environment of an automatic switching system. This does not exclude 

the computerized electronic equipment being housed in a separate re- 
inforced building. It would suffice to have that building in close vici- 
nity to the said telephone Exchange station. 
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CLAIMS 



An encryption and automatic key renewal system for confidential E-Mail 
comprising at least one E-mail station or internet computer linked to 
a communication system 

a national center for the generation of random keys for the use of said 
stations, 

means for the scrambling or encrypting of data in said stations, 
means for the periodic renewal of keys controlling said scrambling means 
and local server centers which store and update the said random keys 
generated in said national center, 

WHEREIN said keys shortly before they are delivered from the said 
Center become associated with one of a limited number of address codes, and 
WHEREIN the number of the week within a year or some other flag data 
are attached to said address code that will readily permit the evalu- 
ation of the age of said key at any time and to classify its age relative to 
the age of other keys in use at a given tine, and 

WHEREIN FURTHER a server station when issuing the youngest number to 
ah internet station will delete the .oldest number from its current list of 
valid key numbers and utilise the former address code of that abandoned 
key for associating it with the youngest key (Fig. 7) . 

An encryption and automatic key renewal system for confidential E-mail 
as in CLAIM 1 

WHEREIN the procedure for recognising the legitimacy of a Server Station 
by a calling E-mail station is as follows: 

(a) sending to the server station the address code attached to its own 
encryption key 

(b) the address must assist the server station in obtaining the calling 
station's encryption key 

(c) The Server station equipment encrypts that key number by itself 

(d) the Server station sends th encrypted key to the E-mail station 

<e) the E-mail station decrypts using its own key and places the result 
into a comparator register 

(f) If the compared numbers are equal, the E-mail equipment informs 
the Server sttaion accordingly (FIG. 7) . 
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An encryption and automatic key renewal system for confidential E-mail 
as in Claim 2, WHEREIN in the case of receiving the OK signal the Server 
stakon is programmed to obtain from its computer section (COMP) an al- 
ternative key number <K C ) from the current valid list of key numbers, 
and to encrypt that new number with the key of the calling station, 
and wherein the latter is programmed upon receipt of the encrypted new 
key to decrypt sq£ad number and to place it into its key register in substi- 
tution of the number it had before. 



An encryption and automatic key renewal system for confidential E-mail 

as in Claim 3, WHEREIN the Server station (SC) ,Fig. 3, also acts as an 

(A) 

Switchboard for connecting a calling station/ to a requested receiving 
station (B) , and WHEREIN the Server station consists of a twin structure 
which .is equipped with two sets of encryption algorithm (algo) , two sets of 
switching controls, (LSA and LSB) , and two sets of buffer memories (K ) 
for holding key number, address codes and other relevant flags as supplied 
by the computer section COMP. 

An encryption and automatic key renewal system for confidential E-mail 
as in any preceding Claim 

WHEREIN the said twin sections of the said Server Center equipment (SC) 
also contains a pseudo-random generator register (D r ) in order to gene- 
rate quasi-data inputs of equal length simultaneously transmitted and encryp- 
ted by the said K 

c 

number to the communicating stations (A,B) in order 
thereby to shift the starting conditions in the algorithms of the E-mail 
units for the real text (see Fig, 4) to an undetectable point. 

An encryption and automatic key renewal system for confidential E-mail as 
in claims 1-5 wherein the algorithms used for the encrypting process 
produce : word-bit configurations consisting of more than 8 bits and less 
than 16 bits per word transmitted , and the bit number per word is con- 
tinually changing. 
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An encryption and automatic key renewal system for confidential E-Mail 
as in CLAIM 5, WHEREIN the precise point in tine for switching the com- 
municating stations from the said initial meaningless random information 
(being received but not in its decrypted form outputted) is functionally 
defined by comparing the data flow in two registers, namely register 2 
with that of register 7 whereby the data shift is prompted by the same 
clock phase (CK3) but occurs in opposite directions . 

An encryption and automatic key renewal system for confidential E-Mail 
as in any of the preceding claims f 

WHEREIN the main circuit groups of the integrated algorithm circuit (FIG* 8) 
comprises 

(a) a stored key verification and key exchange module (1) 

(b) a Pseudo Random Key Generator (2) 

(c) a system of logic circuit elements and interconnections between them 

(d) a programmable counter (4) 

(e) an open-ended shift register with para le 11 bit outputs (7) 

(f ) a pseudorandom Data Generator (11) for supplying surplus data bits 

(g) a one clock-pulse delay circuit which delays real data bits (incoming 
and outgoing in affecting the state machine or algorithm status 

(h) a serial buffer system 17 for accepting work station data and 

to pass them to the algorithm in accordance with the instant state 
of the algorithm. 



An encryption and automatic renewal system for confidential E-Mail 
as in Claim 8, wherein the said circuit block (1) also contains mathe- 
matical processing means, for example for adding or deducting a Pass 
Word from the operative Key number in the key register of said nodule. 

An encryption and automatic key renewal system for confidential E-Mail 
as in any of the aforegoing claims, and / or as shown and described 
in the accompanying drawings and the Specification. 

An encryption and automatic encryption key renewal system for confi- 
dential E-Mail wherein the output of the said pseudo-random data gene- 
rator is mixed with the bit levels of other outputs of the encryption 
circuit or with the clear bit levels of the data flow so as to diffuse 
any pattern such as may be recognised in the expanded data words. 
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An encryption and automatic key renewal system for confidential E-Mail 
wherein the basic functionality of the said algorithm circuit 
is continually influenced and modified 

(a) by the paralell bit outputs of a revolving encryp- 
tion key register 

and (b) by the clear bits of the data inputted to the 

algorithm circuit for encryption or outputted from the algorithm circuit 
after decryption 

An encryption and automatic key renewal system for confidential 
E-Mail essentially as characterised in Claim 1 wherein the functiona- 
lity of the encryption process is broadly determined by an, partly in 
special hardware executed, algorithm and embodied in a microelectro- 
nic chip and wherein this functionality is not rigidly predetermined 
but continually influenced and modified 

(a) by the paralell bit outputs of a revolving encryp- 
tion key register,- and 

(b) by some but not all the clear bits of the data 
inputted to the said algorithm circuit for encryption or outputted 
from the said algorithm circuit after decryption* 

An encryption and automatic key renewal system for confidential E-Mail 
as characterised in Claim 13 wherein the functionality of the said 
microelectronic chip circuit is further influenced and modified 

(c) by the configuration of a password entered by an 
operator at the sending and receiving stations in order to ensure 

that the transmitted text, picture, or voice mail is faithfully 
reproduced only for those persons who are intended to know it. 

An encryption and automatic key renewal system for confidential 
E-Mail as in Claim 13 wherein the in hardware represented por- 
tion of the encryption algorithm also contains m-mory into which can be 
written only once, namely when a specific E-Mail station is inaugura- 
ted and associated with a definite inauguration date, a definite serial 
number, and a definite name and a definite Server Station (SSt) , and 
wherein the said Client Computer (CC) details are also held in 
memory by the local Server Station (SSz) at an address numvber which is 
numerically identical with the ID of the CC concerned. 
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\ Data Encryption system 
for Internet Cocnmonlcation 



There is a general concensus that serious use of the internet potential fear 
the needs of Conmerce and Industry requires a 100% long-term effective sys- 
tem for protecting privacy of the interchanges. 

Several aspects apart from privacy would be important in making a choice of 
the technique. It would have to be suitable for all digital transmissions, 
irrespective of the coding employed. The saire encryption system should be wor- 
kable for. lettered, .audible or visual messages. Also, the tiro of processing 
the data should preferably not add more than 80% to the tire for transmitting 
the sajne data in the clear form. Furthermore, no tine should be spent on looking 
up directories for keys or other procedure rules. Qj 

EF-A-0736 056 discloses a system for the secure" £T1 
distribution of encryption keys using a key management device 
attached to each user's encryption machine, containing a list * 
of secure communication partners and their respective ^ 
encryption keys, If the desired addressee data is not found ^ 
in the local data list, the device connects to a secure key 

distribution centre which is protecced by encryption using C™ 
the public key method. 

Kazue Tanake et al: "Key Distribution System for Mail |= 
Systems using ID-Related Information Directory", Computers ff\ 
and Security International Journal Devoted to the Study of _ 
Technical and Financial Aspects of Computer Security, vol. \2 
10, no, 1 (1991-02-01), pp 25 - 33, ISSD 0167-4048, discloses O 
a key distribution system which uses a public directory, ^ 
which contains each user's ID-related information. A gender 
generates a key and key information which depends on the 
receiver, and sends the key information along with the 
encrypted tnesgage. 

The objective of this patent- application follow from W' "his just been said: 
o to create for cwners of PC's certain supplementary cornponents easily added 
. with the result of replacing registered and high-priority rail transmissions 
by a less expensive and faster track . protected against breach of confidentiality. 

to reduce the need for personal trustworthiness and to replace it by trust- 
vrarthiness of the provisions of the system. 

While the idea of -trusted third parties- is appropriate where Governrcnt 
interests are directly involved, the many contingencies that arise when applied 
to all cmnwications w^ld strain an already overburdened legal syscem. In 
contraai^tii«±on f the bare proposed rethod would trustworthy server 

stations from slipping into arbitrariness f favoritism and tsclf^aerving bureau- 
cracy. At the same tiire it would open a clear routs for observers at Govciv- 
nent level to use their authority of sanpling usages in the interest of . 
criJOG prevention and to do so ev^n for longer periods if arri when properly 
authorized and re^oocd for in exposes open for public inspecrtion within e^g$ 
yQax3 - ^^'EL721435571US 
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ihls paper vill outULna the technical* 
the above sketched objectives, with the further provision that its service be 
available to everyone at a relatively lew extra cast over and above the cost of 
using internet rorno^nicatioa. 

Ths said 'technical platform 1 constitutes a system testing on rwo main pillars, 
narcnly 

la) an algorithm which generates variable wordlength data scrambling 
(b) a hierarchic system of key distribution (a.g- a regulated method for agoing 
•and then elirninating Keys) 

In accordance with a first aspect, the present invention provides an 
encryption and fully automatic key renewal system for confidential e-mail 
communication, comprising at least two e-mail stations linked to a communication 
system; the encryption and automatic key renewal system comprising: 

a key generation centre (NKGC) for the generation of random keys for the 
use of said at least two e-mail stations; 

means for the periodic renewal of the keys used by said at least two e-mail 
stations; and 

means for scrambling or encrypting data To be transmitted, using said keys; 

and 

local server stations which store and update said random keys generated in 
said key generation centre; characterised in that 

said local server stations store said keys in a look-up table, each key being 
associated with an address code and each address code having associated data 
indicative of the age of said key at anytime and to classify the age relative to the age 
of other keys in use at any given time; and 

each said server station including means adapted to issue; prior to each 
confidential e-mail communication from said at least two e-mail stations, a new key 
to the sending e-mail station, as the key to be used by said station for scrambling or 
encrypting the data to be transmitted; 

wherein said look-up tabic means stores a fixed number of encryption key 
numbers conjointly with their respective access addresses in a shift register-like 
memory structure wherein the said fixed group of key numbers and said addresses 
can be moved at quasi randomly arranged times from a younger to an older position 
the youngest position serving as an entrance point for a new number supplied by the 
said key generation centre, and the oldest number being relegated to an inactive and 
reserved position outside the said fixed number or group of encryption keys. 

In accordance with an second aspect, there is provided an encryption and 
automatic encryption key renewal system for confidential e-mail communication, 
comprising at least one e-mail station linked to a communication- system; said 
system comprising a pseudo-random data generator, characterised by a key 
generation system and an encryption circuit, said key generation system 
automatically providing said e-mail station with a new encryption key before each 
e-mail communication, and wherein the output of said pseudo-random data 
generator is mixed with the bit levels of outputs of said encryption circuit and with 
clear bit levels of said input data, according to said key, so as to diffuse any pattern 
such as may be recognised in the expanded data words 
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In place of a lengthy explanation , we begin, by referring to Figure 4 which 
illustrates the idea of variable word length text transformation. It will be clear 
that computerised scanning of the encrypted text will in this case have no pros- 
pect of providing any clue. 

Figure 5 shows a functional block diagram of the encryption/decryption hardware. 
In early iitplemsntations, a 16 bit shift register was used (block SR.) with simple 
output to input connection. The encrypted output resulting from such an arrange- 
ment shewed a certain periodicity if the clear text consisted of the binary repre- 
sentation of a single letter, for example the letter 'a'' in unchanging repetition. 
This revealed the potential for a certain weakness of the method unless steps axe 
taken to overcare this possible point of attack for a hacker. In present designs 
ve visa a 31 bit shift register as the basis for a peeudo- random data generator 
wherein the periodicity ia vastly (pattern recurrence only once every 2,14 billion 
different combinations) reduced, in addition, further measures are taken to begin 
each message with an undefined length of neaningless text. That text is not delivered 
in clear by the algorithm. For the user it constitutes si^ly a few Ee conds waiting 
time added to the setting up time. One method of achieving- this will be ex- 
plained in conjunction with Figures 3,4 and B. 

Ramming to the description of Fig. 5, paralell outputs from the shift re- 
gister are connected tn various logic elements under the. : heading logic CONITOL. This 
comprises for example, a programmable counter, several flip flops and bistables 
and various gat«. some of the logic control elements are also exposed to inputs 
of the logic levels of the real data, both outgoing or incoming. These data are 
applied vith a delay of one full clock pulse duration. This is dona in the squa- 
res named 'bit delay- . The encrypted text on line lj is derived from an. GR gate . 
into which alternately pass bit elements from the real data and from the Random 
data generator KDG, respectively a, by real data modified, output from said 
generator. Encrypted data received are descranbled by action of the Logic Control 
group, in a single at© gate. 

Figures 6 and 7 explain how it is possible to have e - 10 simultaneously valid 
keys and how they are Weighted in a nurt>er ageing process. Figure 8 shows a functio- 
nal block diagram of an LSI chip auch as would be capable of carrying cut data 
encryption at a high clock rata suitable for any coruscation network and would 
provide added eecurity over and above the basic scheme of Figure 5. 
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1. An encryption and fully 'automatic key renewal system 
for confidential e-mail communication, comprising at 
least two e-mail stations linked to a communication 
system; the encryption and automatic key renewal system 
comprising: 

a key generation centre (NKGC) for the generation 
of random keys for the use of said at least two e-mail 
stations; 

means for the periodic renewal of the keye used by 
said at least two e-mail stations; and 

means for scrambling or encrypting data to be 
transmitted , using said keys; and 

local server stations which store and update said 
random keys generated in said key generation centre; 
characterised in that 

said local server stations store, said keys in a 
look-up table, each key being associated with an address 
code and each address code having associated data 
indicative of the age of said key at any time and to 
classify the age relative to the age of other keys in 
use at any given time; and 

each said server station including means adapted to 
issue, prior to each confidential e-mail communication 
from said at least two e-mail stations, a new key to the 
sending e-mail station, as the key to.be used by said 
station for scrambling or encrypting the data to be 
transmitted; 

wherein said look-up table means stores a fixed 
number of encryption key numbers conjointly with their 
respective access addresses in a shift register-like 
memory structure wherein ' the said fixed group of key 
numbers and said addresses can be moved at quasi 
randomly arranged times from a younger to an older 
position the youngest position serving as an entrance 
point for a new number supplied by the said key 
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generation centre, and the oldest number being relegated 
to an inactive and reserved position outside the said 
fixed number or group of encryption keys. 

2 . An encryption and fully automatic key renewal 
system as in claim 1, wherein the said at least two e- 
mail stations have means for encrypting and decrypting 
data including the key numbers themselves, comprising 
means for executing a key number replacement routine 
which accepts a new key number only on the basis of a 
successful completion of the replacement routine, the 
said routine being implemented prior .to the transmission 
of a new key from the said Key Generation Centre, the 
said local Server Station (5), and the said e-mail 
stations . 

3 . An encryption and automatic key renewal system for 
confidential e-mail as in claim 1 or 2, comprising means 
for recognising the legitimacy of a server station by a 
calling e-mail station, comprising 

(a) means for sending to the server station the 
address code associated with the e-mail station's 
encrypting key; . 

(b) means for using the address to assist the 
server station in obtaining the calling station's 
encryption key; : 

(c) the server station comprising equipment to 
encrypt the key encryption number with itself; 

(d) the server station also comprising means to 
send the encrypted key to the e-mail station; 

(e) the e-mail station comprising means for 
decrypting the received key, using its own key and 
placing the result into a comparator Register, and means 
for determining if the compared numbers are equal for 
informing the server station accordingly. 

4, An encryption and automatic key renewal system for 
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confidential e-mail as in claim 3, wherein in the case 
that the compared numbers are equal the server station 
is programmed to obtain from its storage means an 
alternative key number (Kc) from the currently stored 
key numbers , ajnd to encrypt that new number with the key 
of the calling station, and wherein the latter is 
programmed upon receipt of the encrypted new key to 
decrypt said number and to place it into its key 
register in substitution of the number it had before, 

5. An encryption and automatic key renewal system for 
confidential e-mail as in claim 3, wherein the server 
station (SC) also acts as an switchboard for connecting 
a calling station (A) to a requested receiving station 
(B) , and wherein the server station consists of a 
computer section (COMP) and a twin structure which is 
equipped with two sets of encryption algorithm (algo) , 
two sets of switching controls, (LSA and LSBJ , and two 
sets of buffer memories (xj for holding key number, 
address codes and other relevant flags as supplied by 
the computer section (COMP) . 

6- An encryption and automatic key renewal system for 
confidential e-mail a in claim 5, wherein the said 
server station (SC) also contains a pseudo-random 
generator register (D r ) in order to generate quasi-data 
inputs of equal length simultaneously -transmitted and 
encrypted by the said alternative key number (KJ to the 
communicating stations (A, B) in order thereby to shift 
the starting conditions in the algorithms of the e-mail 
units for the real text to an undetectable point. 

7. An encryption and automatic key renewal system for 
confidential e-mail as in claim 5 or 6-, wherein the 
algorithms used for the encrypting process produce word- 
bit configurations consisting of more than 8 bits and 
less than 16 bits per word transmitted, and the bit 
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number per word is continually changing. 

8. An encryption and automatic key irenewals system for 
confidential e-mail as in claim 6, wherein the precise 
point, in time for switching the communicating stations 
from the said initial meaningless random information is 
functionally defined by comparing the data flow in two 
registers, namely register (2) with that of register (7) 
whereby the data shift is prompted by the same clock 
phase (CK3) but occurs in opposite directions. 
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9- An encryption and automatic key .renewal system for 
confidential e-mail as in any of the preceding claims, 
comprising 

(a) a stored key verification and key exchange 
module (1) , 

(b) a Pseudo Random Key Generator (2) , 

(c) a system of .logic circuit elements and 
interconnections between them 

(d) a programmable counter (4) 

(e) an open-ended shift register 1 with parallel bit 
outputs (7) 

(f) a pseudo-random Data Generator (11) for 
supplying surplus data bits 

(g) a one clock-pulse delay circuit which delays 
real data bits (incoming and outgoing; in affecting the 
state machine or algorithm status) 

(h) a serial buffer system (IB) for accepting work 
station data and to pass them to the algorithm in 
accordance with the instant state of the algorithm, 

10. An encryption and automatic renewal system for 
confidential e-mail as in claim S, wherein the said 
module (10 also contains mathematical processing means 
for adding or deducting a password from the operative 
key number in the key register of said: module . 
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11. An encryption and automatic renewal system as 
claimed in any preceding claim, wherein said data to be 
encrypted is encrypted using a variable word length 
encryption system, wherein the data output from the 
encryption, system comprises random data bite and real . 
data bits, said real data bits being .transmitted at a 
randomly varying rate, according to the key being used 
by said e-mail station. 

12. In an encryption and fully automatic key renewal 
system, a key replacement routine comprises the steps of 

in an automatic server station: receiving from a 
calling station a stored encryption key access address 
in clear text and in encrypted form the e-mail number of 
the party to be called, 

based on said access address, identifying the 
encryption key which had been allocated to the calling 
station for its preceding confidential e-mail 
communication, 

based on said identified key, the automatic server 
station encrypts the key by itself and adds a quasi 
random check number in encrypted form,.' and sends both to 
the calling station, 

the calling station compares the 'decrypted received 
key with the one stored, and, if not identical, provides 
and indication thereof, 

the automatic server station receives from the e- 
mail station the decrypted check number and compares it 
with the check number used before encrypting it, and, if 
not the same, will not proceed, and if the same, will 
decrypt the access number of the called station, and 
execute the call repeating the verification steps 
carried out with the calling station. 

13, An encryption and automatic encryption key renewal 
system for confidential e-mail communication, comprising 
at least one e-mail station linked to a communication 
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system; said system comprising a pseudo^ random data 
generator; characterised by a key generation system and 
an encryption circuit, said key generation system 
automatically providing said e-mail station with a new 
encryption key before each e-mail communication, and 
wherein the output of said pseudo-ran.dom data generator 
is mixed with the bit levels of outputs of eaid 
encryption circuit and with clear bit; levels of said 
input data, according to said key, so 1 as to diffuse any 
pattern such as may be recognised in the expanded data 
words . 
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14. An encryption and automatic key renewal system as 
claimed in claim 13, wherein the operation of said 
encryption circuit is continually influenced and 
modified 

(a) by the parallel bit outputs of a revolving 
encryption key register, and 

(b) by the clear bits of the data inputted to the 
encryption circuit for encryption or outputted from the 
encryption circuit after decryption. 
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15. An encryption and automatic key renewal system for 
confidential e-mail as claimed in any of claims 1 to il r 
13 or 14, wherein the encryption process is determined 
by an algorithm embodied in a microelectronic chip and 
wherein this process is not rigidly predetermined but 
continually influenced and modified 

(a) by the parallel bit outputs of a revolving 
encryption key register, and 

(b) by some but not all the clear bits of the data 
inputted to the said algorithm circuit for encryption or 
outputted from the said algorithm circuit after 
decryption . 

IS. An encryption and automatic key renewal system for 
confidential e-mail as characterised in claim 14, 
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wherein the functionality of the said microelectronic 
chip circuit is further influenced and modified 

(c) by the configuration of a password entered by 
an operator at the sending and receiving stations in 
order to ensure that the transmitted text, picture or 
voice mail is faithfully reproduced only for those 
persons who are intended to know it. [ 

17. An encryption and automatic key' renewal system for 
confidential e-mail as in claim 15. wherein means for 
carrying out the encryption process includes a memory 
into which can he written only once, namely when a 
specific e-mail station is inaugurated and associated 
with a definite inauguration date, a definite serial 
number, and a definite name and a definite server 
station (sc) , and wherein the said client computer (CC) 
details are also held in memory by the local server 
station (SSt) ac an address number which is numerically 
identical with the ID of the CC concerned. 
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